History for Health Monitoring

Feature

Version

Details

Stream telemetry to an external server using OpenConfig.

7.4

You can now send metrics and health monitoring information from your threat defense devices to an external server (gNMI collector) using OpenConfig. You can configure either threat defense or the collector to initiate the connection, which is encrypted by TLS.

New/modified screens: System (system gear icon) > Health > Policy > Firewall Threat Defense Policies > Settings > OpenConfig Streaming Telemetry.

Minimum threat defense: 7.4

Health monitor usability enhancements.

7.4

The improved Add New Dashboard dialog box makes it easier to create custom dashboards. An option to edit or delete the predefined device health monitor dashboards was also added.

New/modified screens: System (system gear icon) > Health > Monitor > Devices > Add New Dashboard.

Minimum threat defense: Any

New cluster health monitor dashboard.

7.3

A new dashboard to view the cluster health monitor metrics was introduced with the following components:

  • Overview―Displays information about the cluster topology, cluster statistics, and metric charts.

  • Load Distribution―Displays load distribution across the cluster nodes.

  • Member Performance―Displays current metrics of all the member nodes of the cluster.

  • CCL―Graphically displays the cluster control link data, namely the input and output rates.

Note

These features are applicable only for a cluster. Hence, you must select the cluster under the Devices list on the Monitoring pane to view and use the cluster dashboard.

New/modified screens: System (system gear icon) > Health > Monitor.

New hardware statistics module.

7.3

The management center hardware and environment status statistics were added to the health monitor dashboard:

  • A new policy module, Hardware Statistics, was introduced to enable monitoring of hardware daemons on the management center hardware. The metrics included fan speed, temperature, and power supply.

  • A custom metric group, Hardware Statistics, was also added to view graphical representation of the hardware health metrics on the monitoring dashboard.

  • The power supply status is captured in Health Alerts of the management center.

Note

These features are applicable only for the management center. Hence, they are available only on the management center dashboard.

New/modified screens:

  • System (system gear icon) > Health > Monitor

  • System (system gear icon) > Health > Policy

New hardware and environment status metric group.

7.3

The threat defense hardware and environment status statistics were added to the health monitor dashboard:

  • A custom metric group, Hardware / Environment Status, was introduced to view hardware-related statistics on the threat defense. The metrics included fan speed, chassis temperature, SSD status, and power supply.

  • The device Health Alerts were enhanced to include the power supply status of the threat defense hardware: a Critical alert is displayed for abnormal thermal status, and a Normal alert is displayed for normal thermal status.

Note

These features are applicable only for threat defense. Hence, you must select the appropriate device under the Devices list on the Monitoring pane.

New/modified screens: System (system gear icon) > Health > Monitor.

Health monitor usability enhancements.

7.1

The following UI pages were improved for better usability and presentation of data:

  • Policy

  • Exclude

  • Monitor Alerts

New/modified screens:

  • System (system gear icon) > Health > Policy

  • System (system gear icon) > Health > Exclude

  • System (system gear icon) > Health > Monitor Alerts

Elephant flow detection.

7.1

The health monitor includes the following enhancements:

  • The Connection statistics include active elephant flows.

  • The Connection Group Metrics includes the number of active elephant flows.

The Elephant Flow Detection feature is not supported on the Cisco Firepower 2100 series.

Discontinued high unmanaged disk usage alerts.

7.0.6

The Disk Usage health module no longer alerts with high unmanaged disk usage. After upgrade, you may continue to see these alerts until you either deploy health policies to managed devices (stops the display of alerts) or upgrade the devices (stops the sending of alerts).

Note

Versions 7.0–7.0.5, 7.1.x, 7.2.0–7.2.3, and 7.3.x continue to support these alerts. If your management center is running any of these versions, you may also continue to see alerts.

New health modules.

7.0

We added the following health modules:

  • AMP Connection Status: Monitors AMP cloud connectivity from the threat defense.

  • AMP Threat Grid Status: Monitors AMP Threat Grid cloud connectivity from the threat defense.

  • ASP Drop: Monitors the connections dropped by the data plane accelerated security path.

  • Advanced Snort Statistics: Monitors Snort statistics related to packet performance, flow counters, and flow events.

  • Event Stream Status: Monitors connections to third-party client applications that use the Event Streamer.

  • FMC Access Configuration Changes: Monitors access configuration changes made directly on the management center.

  • FMC HA Status: Monitors the active and standby management center and the sync status between the devices. Replaces the HA Status module.

  • FTD HA Status: Monitors the active and standby threat defense HA pair and the sync status between the devices.

  • File System Integrity Check: Performs a file system integrity check if the system has CC mode or UCAPL mode enabled.

  • Flow Offload: Monitors hardware flow offload statistics on the Firepower 9300 and 4100 platforms.

  • Hit Count: Monitors the number of times a particular rule is hit on the access control policy.

  • MySQL Status: Monitors the status of the MySQL database.

  • NTP Status FTD: Monitors the NTP clock synchronization status of the managed device.

  • RabbitMQ Status: Monitors the status of the RabbitMQ messaging broker.

  • Routing Statistics: Monitors both IPv4 and IPv6 route information from the threat defense.

  • Security Services Exchange Connection Status: Monitors security services exchange cloud connectivity from the threat defense.

  • Sybase Status: Monitors the status of the Sybase database.

  • Unresolved Groups Monitor: Monitors the unresolved groups used in access control policies.

  • VPN Statistics: Monitors site-to-site and remote access VPN tunnel statistics.

  • xTLS Counters: Monitors xTLS/SSL flows, memory and cache effectiveness.

Health monitor enhancements.

7.0

The health monitor adds the following enhancements:

  • Enhanced management center dashboard with summary views of:

    • High Availability

    • Event Rate & Capacity

    • Process Health

    • CPU thresholds

    • Memory

    • Interface rates

    • Disk Usage

  • Enhanced threat defense dashboard:

    • Health alert for split brain scenario

    • Additional health metrics available from new Health Modules

New health modules.

6.7

The CPU Usage module is no longer used. Instead, see the following modules for CPU usage:

  • CPU Usage (per core): Monitors the CPU usage on all of the cores.

  • CPU Usage Data Plane: Monitors the average CPU usage of all data plane processes on the device.

  • CPU Usage Snort: Monitors the average CPU usage of the Snort processes on the device.

  • CPU Usage System: Monitors the average CPU usage of all system processes on the device.

The following modules were added to track statistics:

  • Connection Statistics: Monitors the connection statistics and NAT translation counts.

  • Critical Process Statistics: Monitors the state of critical processes, their resource consumption, and the restart counts.

  • Deployed Configuration Statistics: Monitors statistics about the deployed configuration, such as the number of ACEs and IPS rules.

  • Snort Statistics: Monitors the Snort statistics for events, flows, and packets.

The following modules were added to track memory usage:

  • Memory Usage Data Plane: Monitors the percentage of allocated memory used by the Data Plane processes.

  • Memory Usage Snort: Monitors the percentage of allocated memory used by the Snort process.

Health monitor enhancements.

6.7

The health monitor adds the following enhancements:

  • Health Status summary page that provides an at-a-glance view of the health of the Firepower Management Center and all of the devices that the management center manages.

  • The Monitoring navigation pane allows you to navigate the device hierarchy.

  • Managed devices are listed individually, or grouped according to their geolocation, high availability, or cluster status where applicable.

  • You can view health monitors for individual devices from the navigation pane.

  • Custom dashboards to correlate interrelated metrics. Select from predefined correlation groups, such as CPU and Snort; or create a custom correlation dashboard by building your own variable set from the available metric groups.

Functionality moved to the Threat Data Updates on Devices module.

6.7

The Local Malware Analysis module is no longer used. Instead, see the Threat Data Updates on Devices module for this information.

Some information formerly provided by the Security Intelligence module and the URL Filtering Module is now provided by the Threat Data Updates on Devices module.

New health module: Configuration Memory Allocation.

7.0

6.6.3

Version 6.6.3 improves device memory management and introduces a new health module: Configuration Memory Allocation.

This module alerts when the size of your deployed configurations puts a device at risk of running out of memory. The alert shows you how much memory your configurations require, and by how much this exceeds the available memory. If this happens, re-evaluate your configurations. Most often you can reduce the number or complexity of access control rules or intrusion policies.

URL Filtering Monitor improvements.

6.5

The URL Filtering Monitor module now alerts if the management center fails to register to the Cisco cloud.

URL Filtering Monitor improvements.

6.4

You can now configure time thresholds for URL Filtering Monitor alerts.

New health module: Threat Data Updates on Devices.

6.3

A new module, Threat Data Updates on Devices, was added.

This module alerts you if certain intelligence data and configurations that devices use to detect threats have not been updated on the devices within the time period you specify.